SlideShare a Scribd company logo

(120107) #fitalk anonymizing activities

INSIGHT FORENSIC
INSIGHT FORENSIC

2012 F-INSIGHT TALK

Technology
1 of 14
Download to read offline
FORENSICINSIGHT SEMINAR Anonymizing Activities Kevin Koo (kevinkoo001@gmail.com)
forensicinsight.org Page 2 / 14 개요  Tor History  Tor Concept  AdvOR@Windows  torsocks@Linux (Installation & Usage)  Tor Pitfalls  Privoxy  Proxy Type  Anonymizers & De-Anonymizers
forensicinsight.org Page 3 / 14 Tor (The Onion Routing) History  History - Roger Dingledine, Nick Mathewson and Paul Syverson, “Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium (08.13.2004) - Sponsored by the US Naval Research Laboratory Financially supported by the Electronic Frontier Foundation - Awarded the Free Software Foundation's 2010 Award for Projects of Social Benefit http://www.torproject.org http://sourceforge.net/projects/advtor/
forensicinsight.org Page 4 / 14 Tor (The Onion Routing) Concept  A network of virtual tunnels that allows people and groups to improve their privacy on the Internet.  Routing information for each link encrypted with the public key.  Each router learns only the identity of the next router
forensicinsight.org Page 5 / 14 AdvOR@Windows (Installation & Usage)  Default Port: 9001  Supports Socks4, Socks5, HTTP, HTTPS SOCKS4 VS SOCKS5 (supports Proxy Authentication)  Specifies browse type, version, OS, extensions  Restricts connections only from specific IPs or IP Ranges  Selects Exit node New Identity Banned routers Favorite routers IP Blacklist
forensicinsight.org Page 6 / 14 Default Port: 9050 # apt-get install –y torsocks # wget http://ipip.kr # usewithtor wget http://ipip.kr # usewithtor wget http://ipip.kr -U "Mozilla/5.0 (Windows NT; en-US) Gecko/20100316 firefox/3.6.2” # usewithtor ssh id@myweb.hosting.com # ./tgrab.sh http://ipip.kr torsocks@Linux (Installation & Usage)
forensicinsight.org Page 7 / 14  SocksiPy.zip (http://socksipy.sourceforge.net, http://sourceforge.net/projects/socksipy) # cp socks.py /usr/lib/python2.7/dist-package  torwget.py : SOCKS proxy initialization, socket object  SocksiPy class overriding) : socks.setdefaultproxy(proxy((socks.proxy (PROXY_TYPE_SOCKS5, TOR_SERVER, TOR_PORT) socket.socket = socks.socksocket : TOR_SERVER = “127.0.0.1”, TOR_PORT=9050  http://malc0de.com/database/  xnxxvideos.xn.funpic.org/dll.exe (2012.1.1) # python torwget.py -c xnxxvideos.xn.funpic.org/dll.exe -r http://msn.com –z xnxxvideos.xn.funpic.org/dll.exe Hostname: xnxxvideos.xn.funpic.org Path: /dll.exe Headers: {'Referrer': 'http://msn.com', 'Accept': '*/*', 'User-Agent': 'Opera/9.51 (Macintosh; Intel Mac OS X; U; en)'} Saving 786432 bytes to xnxxvideos. xn.funpic.org/dll.exe Done! torsocks@Linux (Installation & Usage)
forensicinsight.org Page 8 / 14 Tor Pitfalls  Speed  Untrusted tor user (Exit node)  Tor block list
forensicinsight.org Page 9 / 14 Privoxy  Port 8118  Feasibility filter banner ads, web bugs, and HTML annoyances bypass click-tracking scripts and redirections remove animation from GIFs # apt-get install privoxy # netstat –anlpt Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 10315/privoxy  http://www.privoxy.org, http://sourceforge.net/projects/ijbswa/files/  /etc/privoxy/config forward-socks5 / 127.0.0.1:9050 .
forensicinsight.org Page 10 / 14 Proxy Type  Transparent Proxy  Anonymous Proxy  Highly Aanonymous Proxy header_check.php <?php $get_headers = apache_request_headers(); echo $_SERVER[„REQUEST_METHOD‟] . “ “ . $_SERVER[„REQUEST_URI‟] . “ “ . $_SERVER[„SERVER_PROTOCOL‟] . “<br/>”; foreach ($get_headers as $header => $value) { echo “$header: $value <br/>n”; } echo “<br/><br/>Your IP address is: “ . $_SERVER[„REMOTE_ADDR‟]; ?>
forensicinsight.org Page 11 / 14 Proxy Type: Transparent  Transparent Proxy http://www.proxy4free.com/
forensicinsight.org Page 12 / 14 Proxy Type: Anonymous  Anonymous Proxy http://www.youhide.com/
forensicinsight.org Page 13 / 14 Proxy Type: Highly Anonymous  Highly Anonymous Proxy http://aliveproxy.com/high-anonymity-proxy-list/
forensicinsight.org Page 14 / 14 Anonymizers & De-Anonymizers  Web Anonymizer http://www.anonymouse.org  Cellular Internet Connections  http://panopticlick.eff.org/ This site tests your browser to see how unique it is based on the information it will share with sites it visits. (http://panopticlick.eff.org/browser-uniqueness.pdf)  http://browserspy.dk/ This site shows you just how much information can be retrieved from your browser just by visiting a page.

Recommended

A gentle [re]introduction to cryptography
A gentle [re]introduction to cryptographyA gentle [re]introduction to cryptography
A gentle [re]introduction to cryptographyMihailo Joksimovic
 
Virus Bulletin 2017: Browser attack points still abused by banking trojans
Virus Bulletin 2017: Browser attack points still abused by banking trojansVirus Bulletin 2017: Browser attack points still abused by banking trojans
Virus Bulletin 2017: Browser attack points still abused by banking trojansPeter Kálnai
 
Presentation mac os x security
Presentation mac os x securityPresentation mac os x security
Presentation mac os x securityreza jalaluddin
 
IoT and IIOT at QuBit Prague 2018
IoT and IIOT at QuBit Prague 2018 IoT and IIOT at QuBit Prague 2018
IoT and IIOT at QuBit Prague 2018 Avast
 
Web browsers
Web browsersWeb browsers
Web browsersJuan Carlos Puche
 
My First F-Stack
My First F-StackMy First F-Stack
My First F-StackNaoto MATSUMOTO
 
Êtes vous prêt à utiliser tout son potentiel en 2017
Êtes vous prêt à utiliser tout son potentiel en 2017Êtes vous prêt à utiliser tout son potentiel en 2017
Êtes vous prêt à utiliser tout son potentiel en 2017Didier SAVALLE
 
(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensics(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensicsINSIGHT FORENSIC
 

Recommended

A gentle [re]introduction to cryptography
A gentle [re]introduction to cryptographyA gentle [re]introduction to cryptography
A gentle [re]introduction to cryptographyMihailo Joksimovic
 
Virus Bulletin 2017: Browser attack points still abused by banking trojans
Virus Bulletin 2017: Browser attack points still abused by banking trojansVirus Bulletin 2017: Browser attack points still abused by banking trojans
Virus Bulletin 2017: Browser attack points still abused by banking trojansPeter Kálnai
 
Presentation mac os x security
Presentation mac os x securityPresentation mac os x security
Presentation mac os x securityreza jalaluddin
 
IoT and IIOT at QuBit Prague 2018
IoT and IIOT at QuBit Prague 2018 IoT and IIOT at QuBit Prague 2018
IoT and IIOT at QuBit Prague 2018 Avast
 
Web browsers
Web browsersWeb browsers
Web browsersJuan Carlos Puche
 
My First F-Stack
My First F-StackMy First F-Stack
My First F-StackNaoto MATSUMOTO
 
Êtes vous prêt à utiliser tout son potentiel en 2017
Êtes vous prêt à utiliser tout son potentiel en 2017Êtes vous prêt à utiliser tout son potentiel en 2017
Êtes vous prêt à utiliser tout son potentiel en 2017Didier SAVALLE
 
(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensics(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensicsINSIGHT FORENSIC
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingPhil Agcaoili
 
G06.2014 gartner - magic quadrant for siem
G06.2014 gartner - magic quadrant for siemG06.2014 gartner - magic quadrant for siem
G06.2014 gartner - magic quadrant for siemSatya Harish
 
The Caesar Cipher
The Caesar Cipher The Caesar Cipher
The Caesar Cipher Annalisa Di Pierro
 
Kata tugas
Kata tugasKata tugas
Kata tugasCIKGU A.J.ZAMRI MZ@KPM MALAYSIA
 
Kata Ganti Nama Diri
Kata Ganti Nama DiriKata Ganti Nama Diri
Kata Ganti Nama DiriMegawati Jalaludin
 
05 道德价值
05 道德价值05 道德价值
05 道德价值JoJo Wong
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
Guadalajara con 2012
Guadalajara con 2012Guadalajara con 2012
Guadalajara con 2012Jaime Restrepo
 
DotDotPwn v3.0 [GuadalajaraCON 2012]
DotDotPwn v3.0 [GuadalajaraCON 2012]DotDotPwn v3.0 [GuadalajaraCON 2012]
DotDotPwn v3.0 [GuadalajaraCON 2012]Websec México, S.C.
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
Storm Worm & Botnet
Storm Worm & BotnetStorm Worm & Botnet
Storm Worm & BotnetKendiv
 
Port Knocking_Urooj.pptx
Port Knocking_Urooj.pptxPort Knocking_Urooj.pptx
Port Knocking_Urooj.pptxJOHN810970
 
Anonymity Systems: Tor
Anonymity Systems: TorAnonymity Systems: Tor
Anonymity Systems: Torantitree
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Lukas Apa - Hacking Robots Before SkyNet
Lukas Apa - Hacking Robots Before SkyNet Lukas Apa - Hacking Robots Before SkyNet
Lukas Apa - Hacking Robots Before SkyNet NoNameCon
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)Alejandro Hernández
 
Tor
TorTor
Torantitree
 
Usability of Tor
Usability of TorUsability of Tor
Usability of TorJeremy Clark
 
The 5 most dangerous proxies
The 5 most dangerous proxiesThe 5 most dangerous proxies
The 5 most dangerous proxiesseldridgeD9
 
A Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
A Survey Report on DDOS Attacking Tools, Detection and Prevention MechanismsA Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
A Survey Report on DDOS Attacking Tools, Detection and Prevention MechanismsIRJET Journal
 
Tor
TorTor
TorSTIinnsbruck
 
Firewalls
FirewallsFirewalls
FirewallsShreya Singireddy
 

More Related Content

Viewers also liked

CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingPhil Agcaoili
 
G06.2014 gartner - magic quadrant for siem
G06.2014 gartner - magic quadrant for siemG06.2014 gartner - magic quadrant for siem
G06.2014 gartner - magic quadrant for siemSatya Harish
 
05 道德价值
05 道德价值05 道德价值
05 道德价值JoJo Wong
 

Viewers also liked (6)

CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
 
G06.2014 gartner - magic quadrant for siem
G06.2014 gartner - magic quadrant for siemG06.2014 gartner - magic quadrant for siem
G06.2014 gartner - magic quadrant for siem
 
The Caesar Cipher
The Caesar Cipher The Caesar Cipher
The Caesar Cipher
 
Kata tugas
Kata tugasKata tugas
Kata tugas
 
Kata Ganti Nama Diri
Kata Ganti Nama DiriKata Ganti Nama Diri
Kata Ganti Nama Diri
 
05 道德价值
05 道德价值05 道德价值
05 道德价值
 

Similar to (120107) #fitalk anonymizing activities

(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
DotDotPwn v3.0 [GuadalajaraCON 2012]
DotDotPwn v3.0 [GuadalajaraCON 2012]DotDotPwn v3.0 [GuadalajaraCON 2012]
DotDotPwn v3.0 [GuadalajaraCON 2012]Websec México, S.C.
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
Storm Worm & Botnet
Storm Worm & BotnetStorm Worm & Botnet
Storm Worm & BotnetKendiv
 
Port Knocking_Urooj.pptx
Port Knocking_Urooj.pptxPort Knocking_Urooj.pptx
Port Knocking_Urooj.pptxJOHN810970
 
Anonymity Systems: Tor
Anonymity Systems: TorAnonymity Systems: Tor
Anonymity Systems: Torantitree
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Lukas Apa - Hacking Robots Before SkyNet
Lukas Apa - Hacking Robots Before SkyNet Lukas Apa - Hacking Robots Before SkyNet
Lukas Apa - Hacking Robots Before SkyNet NoNameCon
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)Alejandro Hernández
 
The 5 most dangerous proxies
The 5 most dangerous proxiesThe 5 most dangerous proxies
The 5 most dangerous proxiesseldridgeD9
 
A Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
A Survey Report on DDOS Attacking Tools, Detection and Prevention MechanismsA Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
A Survey Report on DDOS Attacking Tools, Detection and Prevention MechanismsIRJET Journal
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsBiagio Botticelli
 
Tor: How it works to keep you safe online. PhutureCon 2014
Tor: How it works to keep you safe online. PhutureCon 2014Tor: How it works to keep you safe online. PhutureCon 2014
Tor: How it works to keep you safe online. PhutureCon 2014IceQUICK
 
An overview of unix rootkits
An overview of unix rootkitsAn overview of unix rootkits
An overview of unix rootkitsUltraUploader
 
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defenderUsing a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defenderRemmy Nweke, mNGE, mNUJ, mGOCOP
 

Similar to (120107) #fitalk anonymizing activities (20)

(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
Guadalajara con 2012
Guadalajara con 2012Guadalajara con 2012
Guadalajara con 2012
 
DotDotPwn v3.0 [GuadalajaraCON 2012]
DotDotPwn v3.0 [GuadalajaraCON 2012]DotDotPwn v3.0 [GuadalajaraCON 2012]
DotDotPwn v3.0 [GuadalajaraCON 2012]
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Storm Worm & Botnet
Storm Worm & BotnetStorm Worm & Botnet
Storm Worm & Botnet
 
Port Knocking_Urooj.pptx
Port Knocking_Urooj.pptxPort Knocking_Urooj.pptx
Port Knocking_Urooj.pptx
 
Anonymity Systems: Tor
Anonymity Systems: TorAnonymity Systems: Tor
Anonymity Systems: Tor
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools i
 
Lukas Apa - Hacking Robots Before SkyNet
Lukas Apa - Hacking Robots Before SkyNet Lukas Apa - Hacking Robots Before SkyNet
Lukas Apa - Hacking Robots Before SkyNet
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
 
Tor
TorTor
Tor
 
Usability of Tor
Usability of TorUsability of Tor
Usability of Tor
 
The 5 most dangerous proxies
The 5 most dangerous proxiesThe 5 most dangerous proxies
The 5 most dangerous proxies
 
A Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
A Survey Report on DDOS Attacking Tools, Detection and Prevention MechanismsA Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
A Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms
 
Tor
TorTor
Tor
 
Firewalls
FirewallsFirewalls
Firewalls
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing Protocols
 
Tor: How it works to keep you safe online. PhutureCon 2014
Tor: How it works to keep you safe online. PhutureCon 2014Tor: How it works to keep you safe online. PhutureCon 2014
Tor: How it works to keep you safe online. PhutureCon 2014
 
An overview of unix rootkits
An overview of unix rootkitsAn overview of unix rootkits
An overview of unix rootkits
 
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defenderUsing a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
 

More from INSIGHT FORENSIC

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensicsINSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)INSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)INSIGHT FORENSIC
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fsINSIGHT FORENSIC
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trendINSIGHT FORENSIC
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안INSIGHT FORENSIC
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifactsINSIGHT FORENSIC
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식INSIGHT FORENSIC
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatchINSIGHT FORENSIC
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석INSIGHT FORENSIC
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석INSIGHT FORENSIC
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법INSIGHT FORENSIC
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysisINSIGHT FORENSIC
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur lsINSIGHT FORENSIC
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)INSIGHT FORENSIC
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threatINSIGHT FORENSIC
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensicsINSIGHT FORENSIC
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threatINSIGHT FORENSIC
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recoveryINSIGHT FORENSIC
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)INSIGHT FORENSIC
 

More from INSIGHT FORENSIC (20)

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threat
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

(120107) #fitalk anonymizing activities

  • 2. forensicinsight.org Page 2 / 14 개요  Tor History  Tor Concept  AdvOR@Windows  torsocks@Linux (Installation & Usage)  Tor Pitfalls  Privoxy  Proxy Type  Anonymizers & De-Anonymizers
  • 3. forensicinsight.org Page 3 / 14 Tor (The Onion Routing) History  History - Roger Dingledine, Nick Mathewson and Paul Syverson, “Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium (08.13.2004) - Sponsored by the US Naval Research Laboratory Financially supported by the Electronic Frontier Foundation - Awarded the Free Software Foundation's 2010 Award for Projects of Social Benefit http://www.torproject.org http://sourceforge.net/projects/advtor/
  • 4. forensicinsight.org Page 4 / 14 Tor (The Onion Routing) Concept  A network of virtual tunnels that allows people and groups to improve their privacy on the Internet.  Routing information for each link encrypted with the public key.  Each router learns only the identity of the next router
  • 5. forensicinsight.org Page 5 / 14 AdvOR@Windows (Installation & Usage)  Default Port: 9001  Supports Socks4, Socks5, HTTP, HTTPS SOCKS4 VS SOCKS5 (supports Proxy Authentication)  Specifies browse type, version, OS, extensions  Restricts connections only from specific IPs or IP Ranges  Selects Exit node New Identity Banned routers Favorite routers IP Blacklist
  • 6. forensicinsight.org Page 6 / 14 Default Port: 9050 # apt-get install –y torsocks # wget http://ipip.kr # usewithtor wget http://ipip.kr # usewithtor wget http://ipip.kr -U "Mozilla/5.0 (Windows NT; en-US) Gecko/20100316 firefox/3.6.2” # usewithtor ssh id@myweb.hosting.com # ./tgrab.sh http://ipip.kr torsocks@Linux (Installation & Usage)
  • 7. forensicinsight.org Page 7 / 14  SocksiPy.zip (http://socksipy.sourceforge.net, http://sourceforge.net/projects/socksipy) # cp socks.py /usr/lib/python2.7/dist-package  torwget.py : SOCKS proxy initialization, socket object  SocksiPy class overriding) : socks.setdefaultproxy(proxy((socks.proxy (PROXY_TYPE_SOCKS5, TOR_SERVER, TOR_PORT) socket.socket = socks.socksocket : TOR_SERVER = “127.0.0.1”, TOR_PORT=9050  http://malc0de.com/database/  xnxxvideos.xn.funpic.org/dll.exe (2012.1.1) # python torwget.py -c xnxxvideos.xn.funpic.org/dll.exe -r http://msn.com –z xnxxvideos.xn.funpic.org/dll.exe Hostname: xnxxvideos.xn.funpic.org Path: /dll.exe Headers: {'Referrer': 'http://msn.com', 'Accept': '*/*', 'User-Agent': 'Opera/9.51 (Macintosh; Intel Mac OS X; U; en)'} Saving 786432 bytes to xnxxvideos. xn.funpic.org/dll.exe Done! torsocks@Linux (Installation & Usage)
  • 8. forensicinsight.org Page 8 / 14 Tor Pitfalls  Speed  Untrusted tor user (Exit node)  Tor block list
  • 9. forensicinsight.org Page 9 / 14 Privoxy  Port 8118  Feasibility filter banner ads, web bugs, and HTML annoyances bypass click-tracking scripts and redirections remove animation from GIFs # apt-get install privoxy # netstat –anlpt Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 10315/privoxy  http://www.privoxy.org, http://sourceforge.net/projects/ijbswa/files/  /etc/privoxy/config forward-socks5 / 127.0.0.1:9050 .
  • 10. forensicinsight.org Page 10 / 14 Proxy Type  Transparent Proxy  Anonymous Proxy  Highly Aanonymous Proxy header_check.php <?php $get_headers = apache_request_headers(); echo $_SERVER[„REQUEST_METHOD‟] . “ “ . $_SERVER[„REQUEST_URI‟] . “ “ . $_SERVER[„SERVER_PROTOCOL‟] . “<br/>”; foreach ($get_headers as $header => $value) { echo “$header: $value <br/>n”; } echo “<br/><br/>Your IP address is: “ . $_SERVER[„REMOTE_ADDR‟]; ?>
  • 11. forensicinsight.org Page 11 / 14 Proxy Type: Transparent  Transparent Proxy http://www.proxy4free.com/
  • 12. forensicinsight.org Page 12 / 14 Proxy Type: Anonymous  Anonymous Proxy http://www.youhide.com/
  • 13. forensicinsight.org Page 13 / 14 Proxy Type: Highly Anonymous  Highly Anonymous Proxy http://aliveproxy.com/high-anonymity-proxy-list/
  • 14. forensicinsight.org Page 14 / 14 Anonymizers & De-Anonymizers  Web Anonymizer http://www.anonymouse.org  Cellular Internet Connections  http://panopticlick.eff.org/ This site tests your browser to see how unique it is based on the information it will share with sites it visits. (http://panopticlick.eff.org/browser-uniqueness.pdf)  http://browserspy.dk/ This site shows you just how much information can be retrieved from your browser just by visiting a page.